1. Field of the Invention
The present invention relates to an apparatus and method for protecting radio frequency identification (RFID) data, and more particularly, to an apparatus and method for protecting RFID data in which a RFID reader encrypts a request message so as to transmit the encrypted message to a RFID tag and the RFID tag encrypts a response message so as to reply to the RFID reader so that information of the RFID tag can be protected from an illegitimate eavesdropper and an ill-intentioned and unusual message can be detected.
2. Description of the Related Art
A conventional radio frequency identification (RFID) system includes a RFID tag, a RFID reader, and a RFID application server.
The RFID tag and the RFID reader are wireless communication devices and the international standard for a wireless access of the RFID tag and the RFID reader is defined in ISO/IEC 18000. The international standards of the conventional RFID wireless access define parameters of physical layers based on frequency characteristics and a command-response structure communicated between the RFID tag and the RFID reader.
Thus, the RFID reader must conform to a message form defined by the international standard ISO/IEC 18000 in order to read or write an identifier or information stored in the RFID tag.
However, the conventional international standard ISO/IEC 18000 does not define an authentication and a data protection for the RFID tag and the RFID reader. Accordingly, if an ill-intentioned attacker only conforms to the parameters of the physical layers and the command-response structure defined in the international standard ISO/IEC 18000, RFID tag information can be revealed through an illegal eavesdropping or the RFID system can be paralyzed due to an excessive command. Thus, security problems may occur.
An illegal eavesdropping or system rejection due to an excessive command message can be prevented by using a conventional symmetric key encryption/decryption and or a conventional public key encryption/decryption.
However, since the RFID tag has low operation ability, small memory capacity, and low data transmission capability, the conventional network security technology is rarely applied.
Therefore, security protocol which can conform to the RFID international standard and can be applied to the RFID tag and the RFID reader is required.